Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Insider Threat Workshop

The CERT Program at Carnegie Mellon University's Software Engineering Institute has been researching insider threats since 2002. We have compiled a database containing hundreds of actual insider threat cases. Our insider threat research focuses on both technical and behavioral aspects of actual compromises; our goal is to raise awareness of the risks of insider threat and to help identify the factors influencing an insider's decision to act, the indicators and precursors of malicious acts, and the countermeasures that will improve the survivability and resiliency of the organization.

We have combined all of our work into a two day workshop on insider threat. The workshop consists of presentations and interactive exercises in which participants are led through portions of the CERT insider threat assessment instrument, which was developed to enable organizations to assess their insider threat risk. The assessment addresses technical, organizational, personnel, security, and process issues. The purpose of the exercises is to assist participants in assessing their own organization's vulnerability to insider threat in specific areas of concern. Our goal is that participants leave the workshop with actionable steps that they can take to better manage the risk of insider threat in their organization.

Who should attend?

The target audience is managers, leaders, directors, and chief executives across all facets of the organization including IT, HR, Legal, Physical Security, and Operations. The workshop will benefit team leaders, project managers, business managers, financial managers, security officers, risk officers, C-Level managers and anyone else responsible for creating, implementing, enforcing, and auditing practices and procedures throughout the organization.


  • Overview of Insider Threats
  • Insider IT Sabotage
  • Insider Theft of Information for Business Advantage (e.g. Industrial Espionage)
  • Insider Theft or Modification of Information for Financial Gain
  • Insider Threats in the Software Development Life Cycle
  • Best Practices for Prevention and Detection


  • Attendees will leave the workshop with actionable steps that they can take to better manage the risk of insider threat in their organization.
  • Attendees will understand the motivation, characteristics of insiders, behavioral and technical precursors, and technical aspects of insider fraud, theft of confidential or sensitive information, and IT sabotage.
  • Attendees will understand the best practices that can be implemented to prevent insider incidents or detect them as early as possible.
  • Attendees will know what "observables" they should be looking for within their own organizations that could indicate a pending insider attack.


There are no prerequisites for this course.


Participants will receive a course notebook, case studies and a CD containing the course and supplemental materials.


This 2 day course meets at the following times:

Days 1-2, 8:30 a.m. - 4:30 p.m. (U.S. Locations)
Days 1-2, 9:00 a.m. - 5:00 p.m. (non U.S. Locations)

Course Details

This course may be offered by special arrangement at customer sites.

For More Information

Phone: 412-268-7622

Insider Threat Certificates